2 * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 * @file task_ace_check.cpp
18 * @author Pawel Sikorski (p.sikorski@samsung.com)
20 * @brief Implementation file for installer task ace check
27 #include <widget_install/task_ace_check.h>
28 #include <dpl/assert.h>
29 #include <dpl/foreach.h>
31 #include <widget_install/widget_install_context.h>
32 #include <widget_install/widget_install_errors.h>
33 #include <widget_install/job_widget_install.h>
35 #include <dpl/wrt-dao-rw/widget_dao.h>
36 #include <ace_api_install.h>
38 #include <installer_log.h>
41 namespace WidgetInstall {
42 TaskAceCheck::TaskAceCheck(InstallerContext& context) :
43 DPL::TaskDecl<TaskAceCheck>(this),
46 AddStep(&TaskAceCheck::StartStep);
47 AddStep(&TaskAceCheck::StepPrepareForAce);
48 AddStep(&TaskAceCheck::StepAceCheck);
49 AddStep(&TaskAceCheck::StepProcessAceResponse);
50 AddStep(&TaskAceCheck::StepCheckAceResponse);
51 AddStep(&TaskAceCheck::EndStep);
54 void TaskAceCheck::StepPrepareForAce()
56 m_context.featureLogic =
57 FeatureLogicPtr(new FeatureLogic(m_context.widgetConfig.tzAppid));
58 m_context.job->UpdateProgress(
59 InstallerContext::INSTALL_ACE_PREPARE,
60 "Widget Access Control Check Prepared");
63 void TaskAceCheck::StepAceCheck()
65 WrtDB::WidgetDAO dao(m_context.widgetConfig.tzAppid);
67 // This widget does not use any device cap
68 if (m_context.featureLogic->isDone()) {
73 DPL::String deviceCap = m_context.featureLogic->getDevice();
76 _D("DevCap is : %ls", deviceCap.c_str());
78 std::string devCapStr = DPL::ToUTF8String(deviceCap);
79 ace_policy_result_t policyResult = ACE_DENY;
81 if (m_context.mode.installTime == InstallMode::InstallTime::PRELOAD) {
82 _D("This widget is preloaded. So ace check will be skiped");
83 policyResult = ACE_PERMIT;
85 ace_return_t ret = ace_get_policy_result(
86 const_cast<const ace_resource_t>(devCapStr.c_str()),
90 ThrowMsg(Exceptions::AceCheckFailed, "Instalation failure. "
95 _D("PolicyResult is : %d", static_cast<int>(policyResult));
96 m_context.staticPermittedDevCaps.insert(std::make_pair(deviceCap,
100 m_context.featureLogic->setAceResponse(policyResult != ACE_DENY);
103 void TaskAceCheck::StepProcessAceResponse()
105 if (m_context.widgetConfig.packagingType ==
106 WrtDB::PKG_TYPE_HOSTED_WEB_APP)
111 _D("StepProcessAceResponse");
112 m_context.featureLogic->next();
114 // No device caps left to process
115 if (m_context.featureLogic->isDone()) {
116 WrtDB::WidgetDAO dao(m_context.widgetConfig.tzAppid);
117 #ifdef SERVICE_ENABLED
118 std::list<WrtDB::DbWidgetHandle> serviceList;
119 FOREACH(it , m_context.widgetConfig.configInfo.serviceAppInfoList){
120 WrtDB::WidgetDAO serviceDao(it->serviceId);
121 serviceList.push_back(serviceDao.getHandle());
124 _D("All responses has been received from ACE.");
125 // Data to convert to C API
126 std::vector<std::string> devCaps;
127 std::vector<bool> devCapsSmack;
128 // Saving static dev cap permissions
129 FOREACH(cap, m_context.staticPermittedDevCaps) {
130 _D("staticPermittedDevCaps : %ls smack: %d", cap->first.c_str(), cap->second);
131 std::string devCapStr = DPL::ToUTF8String(cap->first);
132 devCaps.push_back(devCapStr);
133 devCapsSmack.push_back(cap->second);
135 ace_requested_dev_cap_list_t list;
136 list.count = devCaps.size();
137 list.items = new ace_requested_dev_cap_t[list.count];
139 for (unsigned int i = 0; i < devCaps.size(); ++i) {
140 list.items[i].device_capability =
141 const_cast<const ace_resource_t>(devCaps[i].c_str());
142 list.items[i].smack_granted =
143 devCapsSmack[i] ? ACE_TRUE : ACE_FALSE;
145 //TODO: remove dao.getHandle()
146 int ret = ace_set_requested_dev_caps(dao.getHandle(), &list);
147 #ifdef SERVICE_ENABLED
148 FOREACH(it, serviceList){
149 ret |= ace_set_requested_dev_caps(*it, &list);
154 if (ACE_OK != static_cast<ace_return_t>(ret)) {
155 ThrowMsg(Exceptions::AceCheckFailed, "Instalation failure. "
159 std::set<std::string> acceptedFeature;
160 auto it = m_context.featureLogic->resultBegin();
161 for (; it != m_context.featureLogic->resultEnd(); ++it) {
162 if (!(it->rejected)) {
163 acceptedFeature.insert(DPL::ToUTF8String(it->name));
166 ace_feature_list_t featureList;
167 featureList.count = acceptedFeature.size();
168 featureList.items = new ace_string_t[featureList.count];
171 for (std::set<std::string>::const_iterator iter = acceptedFeature.begin();
172 iter != acceptedFeature.end(); ++iter)
174 _D("Accepted feature item: %s", iter->c_str());
175 featureList.items[i] = const_cast<char *>(iter->c_str());
179 //TODO: remove dao.getHandle()
180 ret = ace_set_accepted_feature(dao.getHandle(), &featureList);
181 #ifdef SERVICE_ENABLED
182 FOREACH(it, serviceList){
183 ret |= ace_set_accepted_feature(*it, &featureList);
186 delete[] featureList.items;
188 if (ACE_OK != static_cast<ace_return_t>(ret)) {
189 _E("Error in ace_set_feature");
190 ThrowMsg(Exceptions::AceCheckFailed, "Instalation failure. "
191 "ace_set_feature failure.");
196 _D("Next device cap.");
197 // Process next device cap
198 SwitchToStep(&TaskAceCheck::StepAceCheck);
201 void TaskAceCheck::StepCheckAceResponse()
203 _D("Checking ACE response");
204 if (m_context.featureLogic->isRejected()) {
205 _E("Installation failure. Some devCap was not accepted by ACE.");
207 Exceptions::PrivilegeLevelViolation,
208 "Instalation failure. "
209 "Some deviceCap was not accepted by ACE.");
211 _D("Updating \"feature reject status\" in database!");
212 auto it = m_context.featureLogic->resultBegin();
213 auto end = m_context.featureLogic->resultEnd();
214 for (; it != end; ++it) {
215 _D(" |- Feature: %ls has reject status: %d", it->name.c_str(), it->rejected);
217 WrtDB::WidgetDAO dao(m_context.widgetConfig.tzAppid);
218 dao.updateFeatureRejectStatus(*it);
220 #ifdef SERVICE_ENABLED
221 FOREACH( svcApp , m_context.widgetConfig.configInfo.serviceAppInfoList){
222 WrtDB::WidgetDAO dao(svcApp->serviceId);
223 dao.updateFeatureRejectStatus(*it);
228 _D("Installation continues...");
231 void TaskAceCheck::StartStep()
233 LOGD("--------- <TaskAceCheck> : START ----------");
236 void TaskAceCheck::EndStep()
238 m_context.job->UpdateProgress(
239 InstallerContext::INSTALL_ACE_CHECK,
240 "Widget Access Control Check Finished");
242 LOGD("--------- <TaskAceCheck> : END ----------");
244 } //namespace WidgetInstall